hello,
when i updated to latest version 6.x-3.9, a new menu item appeared "content summary", it seems to be a views item, how ever it has no permissions modifier and it shows to all kinds of roles and users,
i disabled it temporary from the whole menu, by the way i made sure in its views setting that only admins can see it, but the same.

any idea's?

Comments

rdeboer’s picture

Title: content suumary menu Item » "Content summary" menu item (View)

Yeah, it's a bit of work in progress. It's meant as a customisation starting point and an alternative way to present the information found under Accessible content.
I'm hoping for feedback from people like you to evolve it in something that has wide appeal.
Being a View it is meant to be configured to your personal liking.

rdeboer’s picture

Category: bug » support

While content titles may be shown, clicking on them is still subject to the access rules enforced by core and Module Grants (if installed).

rdeboer’s picture

Status: Active » Closed (fixed)

Closing after 3 months of no activity.

peter.walter’s picture

Version: 6.x-3.9 » 6.x-3.11
StatusFileSize
new476 bytes

Default access control for the content summary view is role = authenticated user, a more secure access control would be allow access only to those with a particular permission, say 'edit revisions'.

Patch attached to change default view.

rdeboer’s picture

Thanks for the sugguestion!
Rik

pixelpreview@gmail.com’s picture

I don't understand how to change the access to the menu item "content summary" ??
I have patched the file revisioning.views_default.inc too
I have changed manually the settings in the generated view, and change " role" to "access rights" --> edit revisions
I have rebuild rights permissions but that doesn't work
authenticated user who don't have the access to edit revisions can see the menu item too !
I try a lot of another rights but the user can see always the menu item ????

The only solution that I have found is to change the place of the menu item in navigation structure ...

monotaga’s picture

Status: Closed (fixed) » Needs review

This appears to have been closed because of inactivity (about a year) prior to exapndonline's patch in #4 from being posted. I think expandonline's patch is a good idea.

Could we get some review of the patch?

rdeboer’s picture

The patch in #4 looks fine. However I am not convinced "edit revisions" is, in general, a suitable default. "view revisions" or "authenticated user" is probably a better match for most situations, unless you want your content summary to be about content editable to the logged-in user, rather than viewable.

But as mentioned before, you can just go into the Views interface and pick any role or permission you like. It's about configuring the View to suit your use case.
The View that comes with Revisioning is just a configuration starting point, it is not meant to be a final answer to everyone's needs.

Things you may want to add are: filter by content type, filter by published/unpublished flag etc.

rdeboer’s picture

Status: Needs review » Closed (works as designed)

Question answered and no further activity. Closing.